Sign up to save your podcasts
Or
Share The Once and Future Rules of Cybersecurity | A Black Hat SecTor 2025 Conversation with HD Moore | On Location Coverage with Sean Martin and Marco Ciappelli
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Once and Future Rules of Cybersecurity | A Black Hat SecTor 2025 Conversation with HD Moore | On Location Coverage with Sean Martin and Marco Ciappelli
During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine’s on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.
One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.
But this keynote isn’t just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren’t just new tools—they’re a fundamental shift in where and how we anchor trust.
Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant’s latest report. That revelation struck a chord with conference attendees, who appreciated Moore’s willingness to speak plainly about systemic security debt.
He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we’ll need new frameworks—not just tweaks to old ones—to manage what comes next.
This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.
___________
GUEST:
HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
RESOURCES:
Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/
OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to share an Event Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
___________
KEYWORDS:
hd moore, sean martin, marco ciappelli, metasploit, runzero, sector, password, breach, ai, passkeys, event coverage, on location, conference
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By Sean Martin, ITSPmagazine
5
33 ratings
During his keynote at SecTor 2025, HD Moore, founder and CEO of runZero and widely recognized for creating Metasploit, invites the cybersecurity community to rethink the foundational “rules” we continue to follow—often without question. In conversation with Sean Martin and Marco Ciappelli for ITSPmagazine’s on-location event coverage, Moore breaks down where our security doctrines came from, why some became obsolete, and which ones still hold water.
One standout example? The rule to “change your passwords every 30 days.” Moore explains how this outdated guidance—rooted in assumptions from the early 2000s when password sharing was rampant—led to predictable patterns and frustrated users. Today, the advice has flipped: focus on strong, unique passwords per service, stored securely via password managers.
But this keynote isn’t just about passwords. Moore uses this lens to explore how many security “truths” were formed in response to technical limitations or outdated behaviors—things like shared network trust, brittle segmentation, and fragile authentication models. As technology matures, so too should the rules. Enter passkeys, hardware tokens, and enclave-based authentication. These aren’t just new tools—they’re a fundamental shift in where and how we anchor trust.
Moore also calls out an uncomfortable truth: the very products we rely on to protect our systems—firewalls, endpoint managers, and security appliances—are now among the top vectors for breach, per Mandiant’s latest report. That revelation struck a chord with conference attendees, who appreciated Moore’s willingness to speak plainly about systemic security debt.
He also discusses the inescapable vulnerabilities in AI agent flows, likening prompt injection attacks to the early days of cross-site scripting. The tech itself invites risk, he warns, and we’ll need new frameworks—not just tweaks to old ones—to manage what comes next.
This conversation is a must-listen for anyone questioning whether our security playbooks are still fit for purpose—or simply carried forward by habit.
___________
GUEST:
HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/
HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com
RESOURCES:
Keynote: The Once and Future Rules of Cybersecurity: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-the-once-and-future-rules-of-cybersecurity-49596
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
Mandiant M-Trends Breach Report: https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/
OPM Data Breach Summary: https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to share an Event Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
___________
KEYWORDS:
hd moore, sean martin, marco ciappelli, metasploit, runzero, sector, password, breach, ai, passkeys, event coverage, on location, conference
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like Redefining CyberSecurity
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
Smashing Security
322 Listeners
ITSPmagazine
31 Listeners
Darknet Diaries
8,002 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
313 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,476 Listeners
The Ezra Klein Show
16,145 Listeners
Cybersecurity Where You Are (video)
13 Listeners
Audio Signals Podcast
2 Listeners
HBR On Leadership
160 Listeners
Stories From Space
4 Listeners
Redefining Society and Technology Podcast
0 Listeners